Home > HowTo, ubuntu > How to recover crypted home directory in Ubuntu

How to recover crypted home directory in Ubuntu

UPDATE: this topic is also covered in a better way at Dustin Kirkland’s blog
Locked hard drive

From some versions ago, Ubuntu provides the facility of setting up the home folder of his users as cyphered directories. This method secure all the documents of the user from any kind of attacks (once the user is not logged in) but what happens if something goes wrong and… you cannot boot the machine anymore? Well, the pc doesn’t recognize its user, you, and you are unable to get your data if you boot from an external hard drive or cd or usb. If you try to boot using an extern device like those, you will find your home directory empty. So… How do we recover data in this case?

If you try to mount your /home partition and try to recover your data you get this error:


root@ubuntu:/home/goshawk# ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

During my everyday use i have been in this kind of problems. Don’t ask me how and why, but i accidentally run a rm -fr /sbin so my system was unable to boot. To recover my cyphered data i did the following:

  1. Boot from cd or usb with a live version of Ubuntu
  2. Mount your home partition in /home
  3. Create an user with the same name as your broken system username (in my case goshawk) and run ecryptfs-mount-private like i did in the following console log.

root@ubuntu:/home/goshawk# adduser --no-create-home goshawk

Adding user `goshawk' ...
Adding new group `goshawk' (1000) ...
Adding new user `goshawk' (1000) with group `goshawk' ...
Not creating home directory `/home/goshawk'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for goshawk
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
root@ubuntu:/home/goshawk# su goshawk
keyctl_search: Required key not available
Perhaps try the interactive 'ecryptfs-mount-private'
goshawk@ubuntu:~$ ecryptfs-mount-private
Enter your login passphrase:
Inserted auth tok with sig [50a77c517a0463e0] into the user session keyring

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd /home/goshawk

goshawk@ubuntu:~$ cd /home/goshawk/
goshawk@ubuntu:~$ ls
Amule				  Music
Aptana Studio Workspace		  n900
bin				  Piano.pdf
Desktop				  Pictures
DeusSito_2010_03_26.zip_[lZ4293]  plecno2
Documents			  Public
Downloads			  Random Exercises.pdf
GrayHatPython.epub		  RegDid0809-509-CLSINFMi.pdf
GrayHatPython.mobi		  specialistica poli
GrayHatPython.pdf		  Templates
Immagine 1.png			  TimeShift-20100327T003250.m2t
Jocart.png			  Videos
jupiter
goshawk@ubuntu:~$

Et VoilĂ . As you can see i was finally able to run an ls and see all my data correctly there. Mission Accomplished. :)

About these ads
  1. Mark
    09/08/2010 at 02:41

    This is great, thankyou goshawk. For the less experienced of us out here, can you please expand this to show how you mounted the home folder?

  2. m
    18/03/2011 at 13:17

    so you’re telling us that ANYONE who gets a hold of our hard drive AND has our username can boot with a CD and get full access to our encrypted data?

  3. vincenzoampolo7
    20/03/2011 at 17:02

    Yep… and it’s not a problem of the system. The ecnryption of the home directory is based on a secret, this secret is the password. If you know the secret you can break the system.

    For a stronger secret look for encryptfs with public key. In that case only the key holder will be able to access the data.

  4. 04/05/2011 at 02:58

    I had this problem on my brother’s PC. I reinstalled the system keeping the /home partition, and marked for Ubuntu to encrypt the folder, but I forgot it was already encrypted. When I run ecryptfs-mount-private, it says the same error

    ERROR: Encrypted private directory is not setup properly

  5. 16/05/2011 at 12:38

    You saved my life. Thank you very much!

  6. jean
    23/07/2011 at 04:28

    This is great :-)
    I stuffed up my ubuntu laptop by trying to migrate to Debian Squeeze, had kernel panic on reboot and could not even go into anything.
    Downloaded karmic off winblows and went into the live environment, no fresh install.
    Only difference with your post was that I had not installed /home on a different partition.
    Created a folder on the live desktop and called it Linux

    Mounted the whole linux partition on the “Linux” folder and could only see the two files that gave me chills up my spine but non of my normal folders.

    The trick was to follow your instructions to the letter but in the virtual /home folder I create symbolic links to the folders that I needed, specially this line:
    root@ubuntu:/home# ln -s /home/ubuntu/Desktop/Linux/home/.ecryptfs ./.ecryptfs

    Once I su’d into my folder and entered my original passphrase, I can now see all of my folders/files :-)

    Thank you!!

  7. Sage
    19/08/2011 at 02:24

    I was able to get in following these steps, but I found a couple problems. 1) I couldnt copy files from the encrypted directory over to anywhere usable. 2) In the process of trying to copy them over, I had mistakenly copied a large folder over into the same directory, thus filling the drive to capacity. So whenever I try to use this trick again it says “su: cannot create temp file for here-document: No space left on device”….anyone have any ways around it?

  8. Bull J
    28/04/2012 at 02:55

    This worked.

  9. nacho
    18/05/2012 at 09:44

    It worked!! Just saved my life! Many thanks!!!

  10. Marco
    30/05/2012 at 15:29

    Anotherm mode:

    1) Boot from cd or usb with live version of ubuntu
    2) In terminal write ecryptfs-recover-private and enjoy :)

    root@ubuntu:/home/marco# ecryptfs-recover-private
    INFO: Searching for encrypted private directories (this might take a while)…
    INFO: Found [/home/.ecryptfs/marco/.Private].
    Try to recover this directory? [Y/n]: Y
    INFO: Found your wrapped-passphrase
    Do you know your LOGIN passphrase? [Y/n] Y
    INFO: Enter your LOGIN passphrase…
    Passphrase:
    Inserted auth tok with sig [d080766f10d29f11] into the user session keyring
    INFO: Success! Private data mounted read-only at [/tmp/ecryptfs.T9THC1Uk].

    3) Copy your file from /tmp/… ! ;)

    • vincenzoampolo7
      30/05/2012 at 17:06

      nice marco!

      they made it really easy now…

  11. J
    26/06/2012 at 18:45

    Hey, nice entry. I encontered a problem while trying to do what you say.

    After ecryptfs-mount-private I get this error message “ERROR: Encrypted private directory is not setup properly”

    Sorry for my english it’s not my native language.

  12. J
    26/06/2012 at 19:15

    Thank you. It worked.

    • vincenzoampolo7
      26/06/2012 at 19:21

      you are welcome :)

  13. Pablo Marron
    25/07/2012 at 20:24

    Thank you vincezoam, you are the one.

  14. 14/01/2013 at 16:44

    Thanks a lot. Those steps are still valid as of Jan. 2013. (Lubuntu 12.10).

    • Juan Pablo
      24/09/2013 at 13:17

      Hi how-to step 2.-Mount your home partition in /home ?????

  1. 10/03/2011 at 00:12
  2. 29/09/2011 at 14:12
  3. 29/06/2012 at 19:34
  4. 10/07/2012 at 23:20

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 540 other followers

%d bloggers like this: